> So what I'd like to propose is that IPsec SAs *not* try to survive
> mid-connection NAT renumberings.

Well, it's intentionally left out of the current NAT traversal drafts.
It was discussed at some point between the authors. Instead we specify
NAT keepalives.

=> we have to specify in detail the peer address management, and not only
for NAT traversal but also for mobility and multi-homing.

You or anybody else is welcome to do it. I won't touch
that with a long pole :).

Ari

--
I play it cool and dig all jive,
that's the reason I stay alive.
My motto as I live and learn,
is dig and be dug in return. <Langston Hughes>